Before you begin using the Cisco Crosswork applications, you are recommended to be familiar with the following basic concepts and complete the planning and information-gathering steps:

• User Roles: Cisco recommends that you use role-based access control to confine users to just the software functions needed to perform their job duties. By default, every new user you create has full administrative privileges. Unless you want to extend the same privileges to every user, you will need to plan a system of user roles, create them, and assign them to the user profiles you create.

• User Accounts: Cisco recommends as a best practice that you create separate accounts for all of your users, so that there is an audit record of user activity on the system. Prepare a list of the people who will use the Crosswork application. Decide on their user names and preliminary passwords, and create user profiles for them. Crosswork also supports integration with many TACACS+ and LDAP servers to allow you to centrally manage user roles and accounts. See Set Up User Authentication (TACACS+, LDAP, and RADIUS) for more details.

• Device-Access Groups: Device-access groups (DAGs) are groups of devices that are used to define device access for users. Users associated with the DAGs are allowed to make configuration changes and provision services on the devices that belong to those DAGs. When a user is created, they must be assigned both a DAG (at least one) and a role. See Manage Device Access Groups for more details.

• Credential Profiles: For Cisco Crosswork to be able to access a device or to interact with a provider, it must be able to present credentials. Rather than entering credentials each time they are needed, you can create credential profiles to securely store this information. The platform supports unique credentials for each type of access protocol, and allows you to bundle multiple protocols and their corresponding credentials in a single profile. Devices that use the same credentials can share a credential profile. For example, if all of your routers in a particular building share a single SSH user ID and password, you can create a single credential profile to allow Cisco Crosswork to access and manage them.

  Before creating a credential profile, you must gather access credentials and supported protocols that you will use to monitor and manage your devices. For devices, it includes user IDs, passwords, and additional data such as the SNMP v2 read and write community strings, and SNMPv3 auth and privilege types. For other type of providers (NSO, SR-PCE, Storage, Alert, and WAE), this always includes user IDs, passwords, and connection protocols. You will use these to create credential profiles.

• Tags: Tags are simple text strings you can attach to devices to help group them. Cisco Crosswork comes with a short list of ready-made tags used to group network devices. You can create your own tags and use them to identify, find, and group devices for a variety of purposes.

  Plan a preliminary list of custom tags to create when setting up the system, so that you can use them to group your devices when you first onboard them. You need not have a complete list of tags at first, as you can always add more later, but please note that all the tags you do plan to use must be in place before you need them. Otherwise, you will need to manually go back and add them where you wish to use them. See Create Tags for more details.

• Providers: Cisco Crosswork applications rely on external services such as Cisco Network Services Orchestrator (NSO) or SR-PCE for various tasks like configuration changes, segment routing path computation, and so on. In order to manage the access and reuse of information between Crosswork applications, a Provider (such as NSO and SR-PCE) needs to be configured for each external service. The provider family determines the type of service that provider supplies to Cisco Crosswork, and the parameters unique to that service, which must be configured. The parameters needed to configure a provider depend on the type of Crosswork application is used. It is important to review and gather each Crosswork application requirement, before configuring a Provider. For more information, see About Provider Families and Provider Dependency.

  • Cisco Network Services Orchestrator (Cisco NSO) is used by many Crosswork Applications to make changes to device configurations and to provision services on devices. To add Cisco NSO s a provider you will need the IP address and credentials used to communicate. See Add Cisco NSO Providers for more details.

    Note	Additional steps are needed when using Cisco NSO in LSA mode. See Enable Layered Service Architecture (LSA) for more details.

  • If you plan to use Crosswork Optimization Engine, at least one Cisco SR-PCE provider, at minimum, must be defined in order to discover devices and to distribute policy configuration to devices. Additional SR-PCEs can be used for more complex network topologies and redundancy. You can either add devices to the system yourself (see Add Devices to the Inventory for more details) or auto-onboard them via the SR-PCE discovery (see Add Cisco SR-PCE Providers for more details). While you can change the configuration at any time it is ideal to decide which process you will use before you get too far into the deployment and configuration of Crosswork.

• Devices: You can onboard devices using the UI, a CSV file, an API, SR-PCE discovery, or ZTP. The way a device is onboarded determines the type of information needed to configure a device in Crosswork. Also, Crosswork can forward device configuration to NSO which can change how you provision an NSO provider. For more information, see Add Devices to the Inventory.

• External Data Destination(s): Cisco Crosswork functions as the controller for the Cisco Crosswork Data Gateway. Operators who plan to have Cisco Crosswork Data Gateway forward data to other data destinations, need to know about the format required by those destinations and other connection requirements. This is covered in detail in Cisco Crosswork Data Gateway.

• Labels: Labels are used with Crosswork Change Automation to restrict which users are able to execute a playbook. For example, while you may want lower-level operators to be able to run check playbooks you may use labels to prevent them from running more complex or impactful playbooks that make changes to network device configuration.

• If you plan to use Crosswork Health Insights, KPI (Key Performance Indicators) Profile(s) are used to monitor the health of the network. You can establish unique performance criteria based on the way a device or devices are used in the network. KPIs can be grouped to form a KPI Profile. It is helpful to have a good idea of the data you plan to monitor and the performance targets that you want to establish as you setup Health Insights.

• If you plan to install the Crosswork Service Health application, you should review the samples provided to determine if they are adequate for monitoring devices in your network.

Note that you can capture the devices, credential profiles, tags, and providers lists in spreadsheet form, convert the spreadsheet to CSV format, and then upload them in bulk to the Cisco Crosswork application that you are using with the help of the Import feature. You can access CSV templates for each of these lists by clicking the Import icon in the corresponding places in the user interface. Select the Download template link when prompted to choose an export destination path and file name.

The first step in getting started with Cisco Crosswork is to prepare the system for use. The table below provides topics to refer to for help when executing each of the following tasks:

Note	This workflow assumes that you have already installed Cisco Crosswork Applications and Crosswork Data Gateway. For the installation instructions, please refer to the latest version of Cisco Crosswork Network Controller 6.0 Installation Guide.

If you were able to complete the recommended planning steps explained in "Before you begin", you should have all the information you need to finish each step in this workflow.